About the Connector

1.1 Certified Components

Table 1-1 lists the certified components for this connector.

Table 1-1 Certified Components

Item	Requirement
Oracle Identity Governance or Oracle Identity Manager	You can use one of the following releases of Oracle Identity Governance or Oracle Identity Manager: Oracle Identity Governance 12c (12.2.1.4.0) Oracle Identity Governance 12c (12.2.1.3.0) Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0) Oracle Identity Manager 11g Release 2 BP04 (11.1.2.0.4) and any later BP in this release track Oracle Identity Manager 11g Release 1 (11.1.1.5.0) and any later BP in this release track
Target systems	The target system can be any one of the following: Siebel 7.5 through Siebel CRM 8.2.2 Siebel Innovation Pack 2015 Siebel Innovation Pack 2016 Siebel Innovation Pack 2017 Siebel Innovation Pack 2018 Siebel 19.x, 20.x21.x, 22.x, 23.x Note: Siebel Connector needs JDK 1.8 or later as a minimum version to work with Siebel IP 2017, IP 2018, Siebel 19.x, and 20.x and 23.x target systems.
Connector Server	11.1.2.1.0
Connector Server JDK and JRE	This requirement must be as follows: For deploying the connector: JDK 1.6 update 18 or later, or JRockit JDK 1.6 update 17 or later For deploying the connector server: JDK or JRE 1.5 or later Note: If you are using Siebel Innovation Pack 2017, 2018, Siebel 19.x, or 20.x see Understanding the JDK Requirement for Siebel IP 2017, Siebel IP 2018, Siebel 19.x, or Siebel 20.x for information related to JDK requirement.
External code	Depending on the target system that you use, obtain one of the following dependent libraries from the target system: For Siebel 7.5 through 7.7: SiebelJI_Common.jar, SiebelJI_enu.jar, and SiebelJI.jar For Siebel 7.8 through 8.2.2 and Siebel Innovation Pack 2015, 2016, 2017, 2018, Siebel 19.x, and 20.x: Siebel.jar and SiebelJI_enu.jar

1.2 Usage Recommendation

Depending on the Oracle Identity Manager version that you are using, you must deploy and use one of the following connectors:

If you are using an Oracle Identity Manager release 9.1.0.2 or later and earlier than Oracle Identity Manager 11g Release 1 (11.1.1.5.0), then you must use the 9.0.4.x version of this connector.
If you are using Oracle Identity Manager 11g Release 1 (11.1.1.5.0) or later, Oracle Identity Manager 11g Release 2 BP04 (11.1.2.0.4) or later, or Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0), then use the latest 11.1.1.x version of this connector.

1.3 Certified Languages

This release of the connector supports the following languages:

Arabic
Chinese Simplified
Chinese Traditional
Danish
English
French
German
Italian
Japanese
Korean
Portuguese (Brazilian)
Spanish

1.4 Connector Architecture

Figure 1-1 shows the architecture of the connector.

Figure 1-1 Connector Architecture

Description of "Figure 1-1 Connector Architecture"

The Siebel User Management connector is implemented by using the Identity Connector Framework (ICF). The ICF is a component that provides basic reconciliation and provisioning operations that are common to all Oracle Identity Manager connectors. In addition, ICF provides common features that developers would otherwise need to implement on their own, such as connection pooling, buffering, time outs, and filtering. The ICF is shipped along with Oracle Identity Manager. Therefore, you need not configure or modify the ICF.

1.5 Features of the Connector

The following are features of the connector:

1.5.1 Dependent Lookup Fields

If you have multiple installations of the target system, the entries in lookup definitions (used as an input source for lookup fields during provisioning) can be linked to the target system installation from which they are copied. Therefore, during a provisioning operation, you can select lookup field values that are specific to the target system installation on which the provisioning operation is being performed.

See Lookup Definitions Synchronized with the Target System for more information about the format in which data is stored in dependent lookup definitions.

1.5.2 Full and Incremental Reconciliation

After you deploy the connector, you can perform full reconciliation to bring all existing user data from the target system to Oracle Identity Manager. After the first full reconciliation run, incremental reconciliation is automatically enabled. In incremental reconciliation, user accounts that have been added, modified, or deleted since the last reconciliation run are fetched into Oracle Identity Manager.

You can perform a full reconciliation run at any time.

See Performing Full Reconciliation for more information.

1.5.3 Limited Reconciliation

You can set a reconciliation filter as the value of the Custom Recon Query attribute of the user reconciliation scheduled job. This filter specifies the subset of added and modified target system records that must be reconciled.

See Performing Limited Reconciliation for more information.

1.5.4 Reconciliation Based on User Type

You can specify the Siebel user type (Employee or User) for which you want to reconcile records from the target system.

See Reconciliation Based on User Type for more information.

1.5.5 Reconciliation of Deleted User Records

You can configure the connector for reconciliation of deleted user records. In target resource mode, if a record is deleted on the target system, then the corresponding Siebel resource is revoked from the OIM User. In trusted source mode, if a record is deleted on the target system, then the corresponding OIM User is deleted.

See Scheduled Job for Reconciliation of Deleted Users Records for more information about scheduled jobs used for reconciling deleted user records.

1.5.6 Transformation and Validation of Account Data

You can configure validation of account data that is brought into or sent from Oracle Identity Manager during reconciliation and provisioning. In addition, you can configure transformation of account data that is brought into Oracle Identity Manager during reconciliation. The following sections provide more information:

1.5.7 Support for Connector Server

Connector Server is a component provided by ICF. By using one or more connector servers, the connector architecture permits your application to communicate with externally deployed bundles. In other words, a connector server enables remote execution of an Oracle Identity Manager connector.

A Java connector server is useful when you do not wish to execute a Java connector bundle in the same VM as your application. It can be beneficial to run a Java connector on a different host for performance improvements.

1.5.8 Connection Pooling

A connection pool is a cache of objects that represent physical connections to the target. Oracle Identity Manager connectors can use these connections to communicate with target systems. At run time, the application requests a connection from the pool. If a connection is available, then the connector uses it and then returns it to the pool. A connection returned to the pool can again be requested for and used by the connector for another operation. By enabling the reuse of connections, the connection pool helps reduce connection creation overheads like network latency, memory allocation, and authentication.

One connection pool is created for each IT resource. For example, if you have three IT resources for three installations of the target system, then three connection pools will be created, one for each target system installation.

Setting up the Lookup.Configuration.Siebel Lookup Definition for Connection Pooling provides information about connection pooling.

1.6 Lookup Definitions Used During Reconciliation and Provisioning

Lookup definitions used during reconciliation and provisioning can be divided into the following categories:

1.6.1 Lookup Definitions Synchronized with the Target System

During a provisioning operation, you use a lookup field on the process form to specify a single value from a set of values. For example, you use the Responsibility lookup field to select a responsibility to be assigned to the user from the list of available responsibilities. When you deploy the connector, lookup definitions (with no lookup entries) corresponding to the lookup fields on the target system are created in Oracle Identity Manager. Lookup field synchronization involves copying additions or changes made to the target system lookup fields into the lookup definitions in Oracle Identity Manager.

The following lookup definitions are populated with values fetched from the target system by the scheduled jobs for lookup field synchronization:

Lookup.Siebel.TimeZone
Lookup.Siebel.PersonalTitle
Lookup.Siebel.PreferredCommunications
Lookup.Siebel.EmployeeTypeCode
Lookup.Siebel.Position
Lookup.Siebel.Responsibility

The Siebel Lookup Recon scheduled job is used to synchronize values of these lookup definitions with the target system. While configuring the Siebel Lookup Recon scheduled job, you specify the name of the lookup definition that you want to synchronize as the value of the Lookup Definition Name attribute. See Scheduled Job for Lookup Field Synchronization for more information about this scheduled job.

After lookup definition synchronization, data is stored in the following format:

Code Key format: IT_RESOURCE_KEY~LOOKUP_FIELD_ID_OR_NAME

In this format:
- IT_RESOURCE_KEY is the numeric code assigned to the IT resource in Oracle Identity Manager.
- LOOKUP_FIELD_ID_OR_NAME is the target system code or name assigned to the lookup field entry.
Sample value: 1~AHA CEO
Decode format: IT_RESOURCE_NAME~LOOKUP_FIELD_ENTRY

In this format:
- IT_RESOURCE_NAME is the name of the IT resource in Oracle Identity Manager.
- LOOKUP_FIELD_ENTRY is the value or description of the lookup field entry on the target system.
Sample value: SIEBEL IT Resource~AHA Headquarter

While performing a provisioning operation on the Administrative and User Console, you select the IT resource for the target system on which you want to perform the operation. When you perform this action, the lookup definitions on the page are automatically populated with values corresponding to the IT resource (target system installation) that you select. If your environment has multiple installations of the target system then only values that correspond to the IT resource that you select are displayed. During lookup field synchronization, new entries are appended to the existing set of entries in the lookup definitions. You can switch between multiple installations of the same target system. Because the IT resource key is part of each entry created in each lookup definition, only lookup field entries that are specific to the IT resource you select during a provisioning operation are displayed.

1.6.2 Preconfigured Lookup Definitions

This section discusses the other lookup definitions that are created in Oracle Identity Manager when you deploy the connector. These lookup definitions are either prepopulated with values or values must be manually entered in them after the connector is deployed. The other lookup definitions are as follows:

1.6.2.1 Lookup.Configuration.Siebel

The Lookup.Configuration.Siebel lookup definition holds connector configuration entries that are used during reconciliation and provisioning operations.

Table 1-2 lists the default entries in this lookup definition.

Table 1-2 Entries in the Lookup.Configuration.Siebel Lookup Definition

Code Key	Decode	Description
Bundle Name	org.identityconnectors.siebel	This entry holds the name of the connector bundle package. Do not modify this entry.
Bundle Version	1.0.1	This entry holds the version of the connector bundle class. Do not modify this entry.
Connector Name	org.identityconnectors.siebel.SiebelConnector	This entry holds the name of the connector class. Do not modify this entry.
User Configuration Lookup	Lookup.Siebel.UM.Configuration	This entry holds the name of the lookup definition that contains user-specific configuration properties. Do not modify this entry.

1.6.2.2 Lookup.Siebel.UM.Configuration

As discussed earlier, the Lookup.Siebel.UM.Configuration lookup definition holds configuration entries that are specific to the user object type. This lookup definition is used during user management operations.

Table 1-3 lists the default entries in this lookup definition.

Table 1-3 Entries in the Lookup.Siebel.UM.Configuration Lookup Definition

Code Key	Decode	Description
Provisioning Attribute Map	Lookup.Siebel.UM.ProvAttrMap	This entry holds the name of the lookup definition that maps process form fields and target system attributes. See Lookup.Siebel.UM.ProvAttrMap for more information about this lookup definition.
Recon Attribute Map	Lookup.Siebel.UM.ReconAttrMap	This entry holds the name of the lookup definition that maps resource object fields and target system attributes. See Lookup.Siebel.UM.ReconAttrMap for more information about this lookup definition.
Provisioning Validation Lookup	Lookup.Siebel.UM.ProvValidation	This entry holds the name of the lookup definition that is used to configure validation of attribute values entered on the process form during provisioning operations. See Configuring Validation of Data During Reconciliation and Provisioning for more information about adding entries in this lookup definition.
Recon Validation Lookup	Lookup.Siebel.UM.ReconValidation	This entry holds the name of the lookup definition that is used to configure validation of attribute values that are fetched from the target system during reconciliation. See Configuring Validation of Data During Reconciliation and Provisioning for more information about adding entries in this lookup definition.
Recon Transformation Lookup	Lookup.Siebel.UM.ReconTransformation	This entry holds the name of the lookup definition that is used to configure transformation of attribute values that are fetched from the target system during user reconciliation. See Configuring Transformation of Data During User Reconciliation for more information about adding entries in this lookup definition.

1.6.2.3 Lookup.Siebel.UM.ReconAttrMap

The Lookup.Siebel.UM.ReconAttrMap lookup definition holds mappings between resource object fields and target system attributes. This lookup definitions is used during reconciliation. This lookup definition is preconfigured. Table 1-4 lists the default entries.

You can add entries in this lookup definitions if you want to map new target system attributes for reconciliation. See Extending the Functionality of the Connector for more information.

1.6.2.4 Lookup.Siebel.UM.ProvAttrMap

The Lookup.Siebel.UM.ProvAttrMap lookup definition holds mappings between process form fields and target system attributes. This lookup definitions is used during provisioning. This lookup definition is preconfigured. **INTERNAL XREF ERROR** lists the default entries.

You can add entries in this lookup definitions if you want to map new target system attributes for provisioning. See Extending the Functionality of the Connector for more information.

1.7 Connector Objects Used During Target Resource Reconciliation

1.7.1 User Attributes for Reconciliation

The Lookup.Siebel.UM.ReconAttrMap lookup definition maps resource object fields and target system attributes. This lookup definition is used for performing target resource user reconciliation runs.

In this lookup definition, the Code Key contains the reconciliation attribute of the resource object.

The following is the format of the Code Key and Decode values in this lookup definition:

For single-valued attributes:

Code Key: Reconciliation attribute of the resource object
Decode: ATTRIBUTE_TYPE;ATTRIBUTE_NAME

In this format:
- ATTRIBUTE_TYPE specifies the type of attribute being reconciled. This connector supports reconciliation of both user and employee attributes. Therefore, the value of ATTRIBUTE_TYPE can be Employee, User, or common. Here, common specifies that the attribute being reconciled is both a user and employee attribute.
- ATTRIBUTE_NAME specifies the name of the target system attribute.

For multivalued attributes (position and responsibility):

Code Key: RO_ATTR_NAME~CHILD_RO_ATTR_NAME

In this format, RO_ ATTR_NAME specifies the reconciliation field of the parent resource object. CHILD_RO_ATTR_NAME specifies the reconciliation field on the child resource object.
Decode: Combination of the following elements separated by semicolon (;):

ATTRIBUTE_TYPE;OBJECT_CLASS;ATTRIBUTE_NAME;TRUE_OR_FALSE

In this format:
- ATTRIBUTE_TYPE specifies the type of attribute being reconciled. This connector supports reconciliation of both user and employee attributes. Therefore, the value of ATTRIBUTE_TYPE can be Employee, User, or common. Here, common specifies that the attribute being reconciled is both a user and employee attribute.
- OBJECT_CLASS is the name of the object class in which the attribute is stored. In other words, it is the business component name.
- ATTRIBUTE_NAME is the name of the attribute.
- TRUE_OR_FALSE is used to indicate whether the attribute is primary or secondary. For example, a value of true indicates that the attribute is a primary attribute. A value of False indicates that the attribute is a secondary attribute.

Table 1-4 lists the entries in this lookup definition.

Table 1-4 Entries in the Lookup.Siebel.UM.ReconAttrMap Lookup Definition

Resource Object Field (Code Key)	Target System Attribute (Decode)
Single-Valued Fields
Alias	common;Alias
Email	common;EMail Addr
EmployeeType[Lookup]	Employee;Employee Type Code
Extension	Employee;Work Phone Extension
Fax	common;Fax #
FirstName	common;First Name
HomePhone	common;Home Phone #
JobTitle	common;Job Title
LastName	common;Last Name
MiddleName	common;Middle Name
MPosition[Lookup]	Employee; Position;Name;true
PreferredCommunications[Lookup]	common;Preferred Communications
Primary Responsibility[Lookup]	common;Responsibility;Name;true
Status[WRITEBACK]	common;Responsibility;Name;true[WRITEBACK]
Title[Lookup]	common;Personal Title
User ID	common;Login Name
WorkPhone	common;Phone #
Multivalued Fields
Position~Position[Lookup]	Employee; Position;Name;false
Responsibility~Responsibility[Lookup]	common;Responsibility;Name;false

1.7.2 Reconciliation Rule for Target Resource Reconciliation

Learn about the reconciliation rule for this connector and how to view it.

1.7.2.1 Target Resource Reconciliation Rule

The following is the process-matching rule:

Rule name: Siebel Recon Rule

Rule element: User Login Equals User ID

In this rule element:

User Login is the User ID field on the OIM User form.
User ID is the User ID field of Siebel.

1.7.2.2 Viewing Target Resource Reconciliation Rules in the Design Console

You can view the reconciliation rule for reconciliation by performing the following steps:

Note:

Perform the following procedure only after the connector is deployed.

Log in to the Oracle Identity Manager Design Console.
Expand Development Tools.
Double-click Reconciliation Rules.
Search for Siebel Recon Rule.

1.7.3 Reconciliation Action Rules for Target Resource Reconciliation

Learn about the reconciliation action rules for this connector and how to view them.

Note:

No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. See

Setting a Reconciliation Action Rule (Developing Identity Connectors using Java)

Setting a Reconciliation Action Rule (Developing Identity Connectors using .net)

in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about setting a reconciliation action rule.

1.7.3.1 Target Resource Reconciliation Action Rules

Table 1-5 lists the action rules for Target Resource reconciliation.

Table 1-5 Action Rules for Target Resource Reconciliation

Rule Condition	Action
No Matches Found	Assign to Administrator With Least Load
One Entity Match Found	Establish Link
One Process Match Found	Establish Link

1.7.3.2 Viewing Target Resource Reconciliation Action Rules in the Design Console

You can view the reconciliation rule for reconciliation by performing the following steps:

Log in to the Oracle Identity Manager Design Console.
Expand Resource Management, and double-click Resource Objects.
If you want to view the reconciliation action rules for reconciliation, then search for and open the Siebel Resource Object resource object.
Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-2 shows the reconciliation action rules for target resource reconciliation.

Figure 1-2 Target Resource Reconciliation Action Rules

Description of "Figure 1-2 Target Resource Reconciliation Action Rules"

1.8 Connector Objects Used During Provisioning

Provisioning involves creating or modifying user data on the target system through Oracle Identity Manager.

This section discusses the following topics:

Provisioning Functions
User Attributes for Provisioning

See Also:

Managing Provisioning Tasks in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Manager for conceptual information about provisioning

1.8.1 Provisioning Functions

These are the provisioning functions that the connector supports.

Table 1-6 Provisioning Functions

Function	Adapter
Create User	Siebel Create
Delete User	Siebel Delete
Add User Position	Siebel Update Child Table
Add User Responsibility	Siebel Update Child Table
Delete User Position	Siebel Update Child Table
Delete User Responsibility	Siebel Update Child Table
Primary Position Updated	Siebel Update
Primary Responsibility Updated	Siebel Update
Time Zone Updated	Siebel Update
Email Updated	Siebel Update
Alias Updated	Siebel Update
MI Updated	Siebel Update
Work Phone Updated	Siebel Update
First Name Updated	Siebel Update
Last Name Updated	Siebel Update
Title Updated	Siebel Update
Home Phone Updated	Siebel Update
Fax Updated	Siebel Update
Preferred Communications Updated	Siebel Update
Extension Updated	Siebel Update
Employee Type Updated	Siebel Update
Job Title Updated	Siebel Update
User ID Updated	Siebel Update
Child Position Updated	Siebel Update Child Table
Child Responsibility Updated	Siebel Update Child Table

1.8.2 User Attributes for Provisioning

The Lookup.Siebel.UM.ProvAttrMap lookup definition maps process form fields with target system attributes. This lookup definition is used for performing provisioning operations.

The following is the format of the Code Key and Decode values in this lookup definition:

Code Key: Name of the field on the OIM User form in the Administrative and User Console. In other words, the process form field name.
Decode: ATTRIBUTE_TYPE;ATTRIBUTE_NAME

In this format:
- ATTRIBUTE_TYPE specifies the type of attribute being reconciled. This connector supports reconciliation of both user and employee attributes. Therefore, the value of ATTRIBUTE_TYPE can be Employee, User, or common. Here, common specifies that the attribute being reconciled is both a user and employee attribute.
- ATTRIBUTE_NAME specifies the name of the target system attribute.

For entries corresponding to process form fields on child forms, the following is the format of the Code Key and Decode values:

Code Key: CHILD_FORM_NAME~FIELD_NAME

In this format, CHILD_FORM_NAME specifies the name of the child form. FIELD_NAME specifies the name of the field on the OIM User child form in the Administrative and User Console.
Decode: Combination of the following elements separated by semicolon (;):

ATTRIBUTE_TYPE;OBJECT_CLASS;ATTRIBUTE_NAME;TRUE_OR_FALSE

In this format:
- ATTRIBUTE_TYPE specifies the type of attribute being reconciled. This connector supports reconciliation of both user and employee attributes. Therefore, the value of ATTRIBUTE_TYPE can be Employee, User, or common. Here, common specifies that the attribute being reconciled is both a user and employee attribute.
- OBJECT_CLASS is the name of the object class in which the attribute is stored. In other words, it is the business component name.
- ATTRIBUTE_NAME is the name of the attribute.
- TRUE_OR_FALSE is used to indicate whether the attribute is primary or secondary. For example, a value of true indicates that the attribute is a primary attribute. A value of False indicates that the attribute is a secondary attribute.

1.9 Connector Objects Used During Trusted Source Reconciliation

The following sections provide information about connector objects used during trusted source reconciliation:

1.9.1 User Attributes for Trusted Source Reconciliation

Table 1-7 lists user attributes for trusted source reconciliation.

Table 1-7 User Attributes for Trusted Source Reconciliation

OIM User Form Field	Siebel Attribute	Description
User ID	Login Name	Login ID
First Name	First Name	First Name
Last Name	Last Name	Last name
Employee Type	NA	The default value is `Employee`.
User Type	NA	The default value is `End-User Administrator`.
Organization	NA	The default value is `Xellerate Users`.
Email	EMail Addr	The e-mail address of the employee.

1.9.2 Reconciliation Rule for Trusted Source Reconciliation

Learn about the reconciliation rule for trusted source reconciliation and how to view it.

1.9.2.1 Trusted Source Reconciliation Rule

The following is the process matching rule:

Rule name: Trusted Source recon Rule

Rule element: User Login Equals User ID

In this rule element:

User Login is the User ID field on the OIM User form.
User ID is the User ID field of Siebel.

1.9.2.2 Viewing Trusted Source Reconciliation Rule

You can view the reconciliation rule for trusted resource reconciliation by performing the following steps:

Note:

Perform the following procedure only after the connector is deployed.

Log in to the Oracle Identity Manager Design Console.
Expand Development Tools.
Double-click Reconciliation Rules.
Search for Siebel Trusted User Rule. Figure 1-3 shows the reconciliation rule for trusted source reconciliation.

Figure 1-3 Reconciliation Rule for Trusted Source Reconciliation

Description of "Figure 1-3 Reconciliation Rule for Trusted Source Reconciliation"

1.9.3 Reconciliation Action Rules for Trusted Source Reconciliation

Learn about the reconciliation action rules for trusted source reconciliation and how to view them.

1.9.3.1 Trusted Source Reconciliation Action Rules

Table 1-8 lists the action rules for trusted source reconciliation.

Table 1-8 Action Rules for Trusted Source Reconciliation

Rule Condition	Action
No Matches Found	Create User
One Entity Match Found	Establish Link
One Process Match Found	Establish Link

1.9.3.2 Viewing Trusted Source Reconciliation Action Rules

After you deploy the connector, you can view action rules by performing the following steps:

Log in to the Oracle Identity Manager Design Console.
Expand Resource Management.
Double-click Resource Objects.
Search for and open the Siebel Trusted User resource object.
Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-4 shows the reconciliation action rule for trusted source reconciliation.

Figure 1-4 Reconciliation Action Rules for Trusted Source Reconciliation

Description of "Figure 1-4 Reconciliation Action Rules for Trusted Source Reconciliation"